|
3371
|
6.5 |
MEDIUM
Network
|
mongodb
|
mongodb
|
In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may derefe…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-9743
|
2026-06-16 01:56 |
2026-06-10 |
|
3372
|
7.5 |
HIGH
Network
|
mongodb
|
mongodb
|
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain n…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-9740
|
2026-06-16 01:55 |
2026-06-10 |
|
3373
|
7.6 |
HIGH
Network
|
splunk
|
splunk splunk_cloud_platform
|
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privile…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-20252
|
2026-06-16 01:51 |
2026-06-11 |
|
3374
|
5.5 |
MEDIUM
Local
|
mongodb
|
mongodb
|
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parame…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-9735
|
2026-06-16 01:46 |
2026-06-10 |
|
3375
|
9.8 |
CRITICAL
Network
|
apache
|
cxf
|
Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity res…
|
CWE-611
XXE
|
CVE-2026-49875
|
2026-06-16 01:32 |
2026-06-12 |
|
3376
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from pr…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-12026
|
2026-06-16 01:32 |
2026-06-12 |
|
3377
|
8.2 |
HIGH
Network
|
axios
|
axios
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44490
|
2026-06-16 01:31 |
2026-06-12 |
|
3378
|
7.5 |
HIGH
Network
|
-
|
-
|
Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed c…
|
CWE-78
OS Command
|
CVE-2026-9863
|
2026-06-16 01:16 |
2026-06-16 |
|
3379
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to c…
|
CWE-78
OS Command
|
CVE-2026-9862
|
2026-06-16 01:16 |
2026-06-16 |
|
3380
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticat…
|
-
|
CVE-2026-9278
|
2026-06-16 01:16 |
2026-06-15 |
|